New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > ECCouncil > Cyber Technician (CCT) > 212-82

212-82 Certified Cybersecurity Technician (CCT) Question and Answers

Question # 4

As the IT security manager for a burgeoning e-commerce company, you're keen on implementing a formal risk management framework to proactively tackle security risks associated with the company's rapid online expansion. Given your focus one-commerce and the need for scalability, which risk management framework is likely the most relevant?

A.

ISO 27001 - Provides a comprehensive information security management system (ISMS).

B.

NIST Cybersecurity Framework (CSF) - Offers a general, customizable approach.

C.

PCI DSS (Payment Card Industry Data Security Standard) - Targets credit card data security specifically.

D.

COBIT (Control Objectives for Information and Related Technology) - Focuses on IT governance and control processes.

Full Access
Question # 5

Grace, an online shopping enthusiast, purchased a smart TV using her debit card. During online payment. Grace's browser redirected her from the e-commerce website to a third-party payment gateway, where she provided her debit card details and the OTP received on her registered mobile phone. After completing the transaction, Grace logged Into her online bank account and verified the current balance in her savings account, identify the state of data being processed between the e-commerce website and payment gateway in the above scenario.

A.

Data in inactive

B.

Data in transit

C.

Data in use

D.

Data at rest

Full Access
Question # 6

A threat intelligence feed data file has been acquired and stored in the Documents folder of Attacker Machine-1 (File Name: Threatfeed.txt). You are a cybersecurity technician working for an ABC organization. Your organization has assigned you a task to analyze the data and submit a report on the threat landscape. Select the IP address linked with http://securityabc.s21sec.com.

A.

5.9.200.200

B.

5.9.200.150

C.

5.9.110.120

D.

5.9.188.148

Full Access
Question # 7

Ashton is working as a security specialist in SoftEight Tech. He was instructed by the management to strengthen the Internet access policy. For this purpose, he implemented a type of Internet access policy that forbids everything and imposes strict restrictions on all company computers, whether it is system or network usage.

Identify the type of Internet access policy implemented by Ashton in the above scenario.

A.

Paranoid policy

B.

Prudent policy

C.

Permissive policy

D.

Promiscuous policy

Full Access
Question # 8

Jaden, a network administrator at an organization, used the ping command to check the status of a system connected to the organization's network. He received an ICMP error message stating that the IP header field contains invalid information. Jaden examined the ICMP packet and identified that it is an IP parameter problem.

Identify the type of ICMP error message received by Jaden in the above scenario.

A.

Type =12

B.

Type = 8

C.

Type = 5

D.

Type = 3

Full Access
Question # 9

A software company is developing a new software product by following the best practices for secure application development. Dawson, a software analyst, is checkingthe performance of the application on the client's network to determine whether end users are facing any issues in accessing the application.

Which of the following tiers of a secure application development lifecycle involves checking the performance of the application?

A.

Development

B.

Testing

C.

Quality assurance (QA)

D.

Staging

Full Access
Question # 10

Anderson, a security engineer, was Instructed to monitor all incoming and outgoing traffic on the organization's network to identify any suspicious traffic. For this purpose, he employed an analysis technique using which he analyzed packet header fields such as IP options, IP protocols, IP fragmentation flags, offset, and identification to check whether any fields are altered in transit.

Identify the type of attack signature analysis performed by Anderson in the above scenario.

A.

Context-based signature analysis

B.

Atomic-signature-based analysis

C.

Composite-signature-based analysis

D.

Content-based signature analysis

Full Access
Question # 11

Andre, a security professional, was tasked with segregating the employees' names, phone numbers, and credit card numbers before sharing the database with clients. For this purpose, he implemented a deidentification technique that can replace the critical information in database fields with special characters such as asterisks (*) and hashes (#).

Which of the following techniques was employed by Andre in the above scenario?

A.

Tokenization

B.

Masking

C.

Hashing

D.

Bucketing

Full Access
Question # 12

Shawn, a forensic officer, was appointed to investigate a crime scene that had occurred at a coffee shop. As a part of investigation, Shawn collected the mobile device from the victim, which may contain potential evidence to identify the culprits.

Which of the following points must Shawn follow while preserving the digital evidence? (Choose three.)

A.

Never record the screen display of the device

B.

Turn the device ON if it is OFF

C.

Do not leave the device as it is if it is ON

D.

Make sure that the device is charged

Full Access
Question # 13

A web application, www.moviescope.com, was found to be prone to SQL injection attacks. You are tasked to exploit the web application and fetch the user data. Identify the contact number (Contact) of a user, Steve, in the moviescope database. Note: You already have an account on the web application, and your credentials are sam/test. (Practical Question)

A.

1-202-509-7316

B.

1-202-509-7432

C.

01-202-509-7364

D.

1-202-509-8421

Full Access
Question # 14

Myles, a security professional at an organization, provided laptops for all the employees to carry out the business processes from remote locations. While installing necessary applications required for the business, Myles has also installed antivirus software on each laptop following the company's policy to detect and protect the machines from external malicious events over the Internet.

Identify the PCI-DSS requirement followed by Myles in the above scenario.

A.

PCI-DSS requirement no 1.3.2

B.

PCI-DSS requirement no 1.3.5

C.

PCI-DSS requirement no 5.1

D.

PCI-DSS requirement no 1.3.1

Full Access
Question # 15

Thomas, an employee of an organization, is restricted from accessing specific websites from his office system. He is trying to obtain admin credentials to remove the restrictions. While waiting for an opportunity, he sniffed communication between the administrator and an application server to retrieve the admin credentials. Identify the type of attack performed by Thomas in the above scenario.

A.

Vishing

B.

Eavesdropping

C.

Phishing

D.

Dumpster diving

Full Access
Question # 16

TechTonic, a leading software solution provider, is incorporating stringent cybersecurity measures for their Windows-based server farm. Recently, it noticed a series of unauthorized activities within its systems but could not trace back tot he origins. The company Intends to bolster Its monitoring capabilities by comprehensively analyzing Windows system logs. Which strategy should TechTonic prioritize to gain an insightful and effective analysis of its Windows logs, aiming to trace potential intrusions?

A.

Implement a centralized logging server and analyze logs using pattern-detection algorithms.

B.

Set up monitoring only for Windows Event Log IDs commonly associated with security breaches.

C.

Routinely back up logs every week and conduct a monthly manual review to detect anomalies.

D.

Focus solely on logs from critical servers, assuming other logs are less consequential.

Full Access
Question # 17

FinTech Corp, a financial services software provider, handles millions of transactions daily. To address recent breaches In other organizations. It Is reevaluating Its data security controls. It specifically needs a control that will not only provide real-time protection against threats but also assist in achieving compliance with global financial regulations. The company's primary goal is to safeguard sensitive transactional data without impeding system performance. Which of the following controls would be the most suitable for FinTech Corp's objectives?

A.

Switching to disk-level encryption for all transactional databases

B.

Implementing DLP (Data Loss Prevention) systems

C.

Adopting anomaly-based intrusion detection systems

D.

Enforcing Two-Factor Authentication for all database access

Full Access
Question # 18

Hayes, a security professional, was tasked with the implementation of security controls for an industrial network at the Purdue level 3.5 (IDMZ). Hayes verified all the possible attack vectors on the IDMZ level and deployed a security control that fortifies the IDMZ against cyber-attacks.

Identify the security control implemented by Hayes in the above scenario.

A.

Point-to-po int communication

B.

MAC authentication

C.

Anti-DoS solution

D.

Use of authorized RTU and PLC commands

Full Access
Question # 19

An IoT device that has been placed in a hospital for safety measures, it has sent an alert command to the server. The network traffic has been captured and stored in the Documents folder of the Attacker Machine-1. Analyze the loTdeviceTraffic.pcapng file and select the appropriate command that was sent by the IoT device over the network.

A.

Tempe_Low

B.

Low_Tempe

C.

Temp_High

D.

High_Tempe

Full Access
Question # 20

An employee was fired from his security analyst job due to misconduct. While leaving, he installed a Trojan server on his workstation at 172.30.20.75. As an ethical hacker, you are asked to identify and connect to the Trojan server and explore available files. Enter the name of the VBScript file located in the Pictures folder of the workstation. Hint: You can use one of the Ttojan client applications available at "Z:\CCT-Tools\CCT Module 01 Information SecurityThreats and Vulnerabilities\Remote Access Ttojans (RAT)" of Attacker Machine-1. (Practical Question)

A.

B00m3rang

B.

ReboundBlitz

C.

Recoil Wave

D.

EchoStrike

Full Access
Question # 21

The IH&R team in an organization was handling a recent malware attack on one of the hosts connected to the organization's network. Edwin, a member of the IH&R team, was involved in reinstating lost data from the backup media. Before performing this step, Edwin ensured that the backup does not have any traces of malware.

Identify the IH&R step performed by Edwin in the above scenario.

A.

Eradication

B.

Incident containment

C.

Notification

D.

Recovery

Full Access
Question # 22

An MNC hired Brandon, a network defender, to establish secured VPN communication between the company's remote offices. For this purpose, Brandon employed a VPN topology where all the remote offices communicate with the corporate office but communication between the remote offices is denied.

Identify the VPN topology employed by Brandon in the above scenario.

A.

Point-to-Point VPN topology

B.

Star topology

C.

Hub-and-Spoke VPN topology

D.

Full-mesh VPN topology

Full Access
Question # 23

You are a penetration tester working to test the user awareness of the employees of the client xyz. You harvested two employees' emails from some public sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?

A.

Reconnaissance

B.

Command and control

C.

Weaponization

D.

Exploitation

Full Access
Question # 24

Brielle. a security professional, was instructed to secure her organization's network from malicious activities. To achieve this, she started monitoring network activities on a control system that collected event data from various sources. During this process. Brielle observed that a malicious actor had logged in to access a network device connected to the organizational network. Which of the following types of events did Brielle identify in the above scenario?

A.

Failure audit

B.

Error

C.

Success audit

D.

Warning

Full Access
Question # 25

CyberX, an acclaimed cybersecurity firm with a diverse clientele ranging from financial institutions to healthcare providers, has been approached by NexusCorp. NexusCorp, a global supply chain giant, seeks assistance in drafting a new security policy after a series of cyber-attacks that highlighted vulnerabilities in its existing protocols. While NexusCorp uses state-of-the-art technology, its security policies have not kept pace. It needs a policy that acknowledges its complex organizational structure, vast geographic spread, and diversity in employee tech proficiency.

Which should be CyberX’s primary consideration in this scenario?

A.

Regular update schedules for software and hardware components.

B.

Stakeholder involvement in policy formulation.

C.

Use of the latest encryption algorithms.

D.

Emphasis on stringent password policies.

Full Access
Question # 26

In an organization, all the servers and database systems are guarded in a sealed room with a single-entry point. The entrance is protected with a physical lock system that requires typing a sequence of numbers and letters by using a rotating dial that intermingles with several other rotating discs.

Which of the following types of physical locks is used by the organization in the above scenario?

A.

Digital locks

B.

Combination locks

C.

Mechanical locks

D.

Electromagnetic locks

Full Access
Question # 27

Matias, a network security administrator at an organization, was tasked with the implementation of secure wireless network encryption for their network. For this purpose, Matias employed a security solution that uses 256-bit Galois/Counter Mode Protocol (GCMP-256) to maintain the authenticity and confidentiality of data.

Identify the type of wireless encryption used by the security solution employed by Matias in the above scenario.

A.

WPA2 encryption

B.

WPA3 encryption

C.

WEP encryption

D.

WPA encryption

Full Access
Question # 28

ApexTech, a cybersecurity consultancy, was approached by a large energy conglomerate to assess the robustness of its energy grid control systems. The conglomerate Is transitioning from traditional systems to a more interconnected smart grid. ApexTech proposed a penetration test to identify potential vulnerabilities in the new setup. The firm provided four methodologies it could employ to assess the system's vulnerabilities comprehensively. The energy conglomerate must select the approach that would be MOST revealing and beneficial in identifying vulnerabilities in the context of its transitioning infrastructure:

A.

A double-blind test where both the energy company's IT team and testers are unaware of the impending test.

B.

A blind penetration test where testers have no prior knowledge of the infrastructure.

C.

An external test focusing only on the conglomerate's externally facing assets and systems.

D.

A targeted test where both the testers and IT team work collaboratively and are fully informed.

Full Access
Question # 29

Rhett, a security professional at an organization, was instructed to deploy an IDS solution on their corporate network to defend against evolving threats. For this purpose, Rhett selected an IDS solution that first creates models for possible intrusions and then compares these models with incoming events to make detection decisions.

Identify the detection method employed by the IDS solution in the above scenario.

A.

Not-use detection

B.

Protocol anomaly detection

C.

Anomaly detection

D.

Signature recognition

Full Access
Question # 30

Stephen, a security professional at an organization, was instructed to implement security measures that prevent corporate data leakage on employees' mobile devices. For this purpose, he employed a technique using which all personal and corporate data are isolated on an employee's mobile device. Using this technique, corporate applications do not have any control of or communication with the private applications or data of the employees.

Which of the following techniques has Stephen implemented in the above scenario?

A.

Full device encryption

B.

Geofencing

C.

Containerization

D.

OTA updates

Full Access
Question # 31

A text file containing sensitive information about the organization has been leaked and modified to bring down the reputation of the organization. As a safety measure, the organization did contain the MD5 hash of the original file. The file which has been leaked is retained for examining the integrity. A file named "Sensitiveinfo.txt" along with OriginalFileHash.txt has been stored in a folder named Hash in Documents of Attacker Machine-1. Compare the hash value of the original file with the leaked file and state whether the file has been modified or not by selecting yes or no.

A.

No

B.

Yes

Full Access
Question # 32

NexaBank, a prestigious banking institution, houses its primary data center in Houston, Texas. The data center is essential as It holds sensitive customer Information and processes millions of transactions daily. The bank, while confident about its cybersecurity measures, has concerns regarding the physical threats given Houston's susceptibility to natural disasters, especially hurricanes. The management understands that a natural disaster could disrupt services or, worse, compromise customer data. The bank Is now weighing options to enhance its physical security controls to account for such external threats.

For NexaBank's data center In Houston, which is the most critical physical security control it should consider implementing?

A.

Bulletproof glass windows and fortified walls.

B.

Flood-resistant barriers and drainage systems.

C.

Deploy additional armed security personnel.

D.

Advanced CCTV surveillance with facial recognition.

Full Access
Question # 33

FusionTech, a leading tech company specializing in quantum computing, is based in downtown San Francisco, with its headquarters situated In a multi-tenant skyscraper. Their office spans across three floors. The cutting-edge technology and the proprietary data that FusionTech possesses make it a prime target for both cyber and physical threats. Recently, during an internal security review, it was discovered that an unauthorized individual was spotted on one of the floors. There was no breach, but it raised an alarm. The management wants to address this vulnerability without causing too much inconvenience to its 2000+ employees and the other tenants of the building.

Given FusionTech's unique challenges, which measure should it primarily consider to bolster its workplace security?

A.

Implement retina scanning at every floor entrance.

B.

Introduce an employee badge system with time-based access control.

C.

Station security personnel on every floor.

D.

Build a separate entrance and elevator for FusionTech employees.

Full Access
Question # 34

ProNet, a leading technology firm, has been dynamically evolving its internal infrastructure to cater to an expanding workforce and changing business needs. The company's current project involves enhancing the overall security of its internal platforms. The company’s security team is focusing on a robust access control system. To make the system efficient, it needs to implement a model that would define access based on roles within the organization, where specific roles would have predefined access to certain resources, and the roles can be assigned to multiple users. The aim is to decrease the administrative work involved in assigning permissions and ensure that users gain only the necessary permissions in line with their job functions.

Which access control model best suits ProNet's requirement?

A.

Attribute-Based Access Control (ABAC)

B.

Discretionary Access Control (DAC)

C.

Role-Based Access Control (RBAC)

D.

Mandatory Access Control (MAC)

Full Access
Question # 35

Jordan, a network administrator in an organization, was instructed to identify network-related issues and improve network performance. While troubleshooting the network, he received a message indicating that the datagram could not be forwarded owing to the unavailability of IP-related services (such as FTP or web services) on the target host, which of the following network issues did Jordan find in this scenario?

A.

Time exceeded message

B.

Destination unreachable message

C.

Unreachable networks

D.

Network cable is unplugged

Full Access
Question # 36

Hotel Grande offers luxury accommodations and emphasizes top-notch service for its guests. One such service is secure, high-speed Wi-FI access In every room. The hotel wishes to deploy an authentication method that would give individual guests a seamless experience without compromising security. This method should ideally provide a balance between convenience and strong security. Which of the following should Hotel Grande use?

A.

PSK (Pre-Shared Key)

B.

Open Authentication

C.

EAP-TLS (Extensible Authentication Protocol-Transport Layer Security)

D.

MAC address filtering

Full Access
Question # 37

Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical Information to Johnson's machine. What is the social engineering technique Steve employed in the above scenario?

A.

Quid pro quo

B.

Diversion theft

C.

Elicitation

D.

Phishing

Full Access
Question # 38

You work in a Multinational Company named Vector Inc. on Hypervisors and Virtualization Software. You are using the Operating System (OS) Virtualization and you have to handle the Security risks associated with the OS virtualization. How can you mitigate these security risks?

A.

All of the above

B.

Implement least privilege access control for users managing VMs.

C.

Regularly patch and update the hypervisor software for security fixes.

D.

Disable security features on virtual machines to improve performance.

Full Access
Question # 39

Walker, a security team member at an organization, was instructed to check if a deployed cloud service is working as expected. He performed an independent examination of cloud service controls to verify adherence to standards through a review of objective evidence. Further, Walker evaluated the services provided by the CSP regarding security controls, privacy impact, and performance.

Identify the role played by Walker in the above scenario.

A.

Cloud auditor

B.

Cloud provider

C.

Cloud carrier

D.

Cloud consumer

Full Access
Question # 40

Jaden, a network administrator at an organization, used the ping command to check the status of a system connected to the organization's network. He received an ICMP error message stating that the IP header field contains invalid information. Jaden examined the ICMP packet and identified that it is an IP parameter problem.

Identify the type of ICMP error message received by Jaden in the above scenario.

A.

Type =12

B.

Type = 8

C.

Type = 5

D.

Type = 3

Full Access
Question # 41

As the director of cybersecurity for a prominent financial Institution, you oversee the security protocols for a vast array of digital operations. The institution recently transitioned to a new core banking platform that integrates an artificial intelligence (Al)-based fraud detection system. This system monitors real-time transactions, leveraging pattern recognition and behavioral analytics.

A week post-transition, you are alerted to abnormal behavior patterns in the Al system. On closer examination, the system is mistakenly flagging genuine transactions as fraudulent, causing a surge in false positives. This not only disrupts the customers' banking experience but also strains the manual review team. Preliminary investigations suggest subtle data poisoning attacks aiming to compromise the Al's training data, skewing its decision-making ability. To safeguard the Al-based fraud detection system and maintain the integrity of your financial data, which of the following steps should be your primary focus?

A.

Collaborate with the Al development team to retrain the model using only verified transaction data and implement real time monitoring to detect data poisoning attempts.

B.

Migrate back to the legacy banking platform until the new system is thoroughly vetted and all potential vulnerabilities are addressed.

C.

Liaise with third-party cybersecurity firms to conduct an exhaustive penetration test on the entire core banking platform, focusing on potential data breach points.

D.

Engage in extensive customer outreach programs, urging them to report any discrepancies in their transaction records, and manually verifying flagged transactions.

Full Access
Question # 42

NetSafe Corp, recently conducted an overhaul of its entire network. This refresh means that the old baseline traffic signatures no longer apply. The security team needs to establish a new baseline that comprehensively captures both normal and suspicious activities. The goal is to ensure real-time detection and mitigation of threats without generating excessive false positives. Which approach should NetSafe Corp, adopt to effectively set up this baseline?

A.

Continuously collect data for a week and define the average traffic pattern as the baseline.

B.

Utilize machine learning algorithms to analyze traffic for a month and generate a dynamic baseline.

C.

Analyze the last year's traffic logs and predict the baseline using historical data.

D.

Conduct a red team exercise and base the new baseline on the identified threats.

Full Access
Question # 43

In an organization, all the servers and database systems are guarded in a sealed room with a single-entry point. The entrance is protected with a physical lock system that requires typing a sequence of numbers and letters by using a rotating dial that intermingles with several other rotating discs.

Which of the following types of physical locks is used by the organization in the above scenario?

A.

Digital locks

B.

Combination locks

C.

Mechanical locks

D.

Electromagnetic locks

Full Access
Question # 44

Finley, a security professional at an organization, was tasked with monitoring the organizational network behavior through the SIEM dashboard. While monitoring, Finley noticed suspicious activities in the network; thus, he captured and analyzed a single network packet to determine whether the signature included malicious patterns. Identify the attack signature analysis technique employed by Finley in this scenario.

A.

Context-based signature analysis

B.

Atomic-signature-based analysis

C.

Composite signature-based analysis

D.

Content-based signature analysis

Full Access
Question # 45

Mark, a security analyst, was tasked with performing threat hunting to detect imminent threats in an organization's network. He generated a hypothesis based on the observations in the initial step and started the threat-hunting process using existing data collected from DNS and proxy logs.

Identify the type of threat-hunting method employed by Mark in the above scenario.

A.

Entity-driven hunting

B.

TTP-driven hunting

C.

Data-driven hunting

D.

Hybrid hunting

Full Access
Question # 46

Ryleigh, a system administrator, was instructed to perform a full back up of organizational data on a regular basis. For this purpose, she used a backup technique on a fixed date when the employees are not accessing the system i.e., when a service-level down time is allowed a full backup is taken.

Identify the backup technique utilized by Ryleigh in the above scenario.

A.

Nearline backup

B.

Cold backup

C.

Hot backup

D.

Warm backup

Full Access
Question # 47

Sam, a software engineer, visited an organization to give a demonstration on a software tool that helps in business development. The administrator at the organization created a least privileged account on a system and allocated that system to Sam for the demonstration. Using this account, Sam can only access the files that are required for the demonstration and cannot open any other file in the system.

Which of the following types of accounts the organization has given to Sam in the above scenario?

A.

Service account

B.

Guest account

C.

User account

D.

Administrator account

Full Access
Question # 48

Kaison. a forensic officer, was investigating a compromised system used for various online attacks. Kaison initiated the data acquisition process and extracted the data from the systems DVD-ROM. Which of the following types of data did Kaison acquire in the above scenario?

A.

Archival media

B.

Kernel statistics

C.

ARP cache

D.

Processor cache

Full Access